Quickstart
Get FOXWAF up and running in 5 minutes and put your first site behind it.
1. Install
Run as root (the script auto-detects the Docker environment and completes deployment):
curl -fsSL https://server.foxwaf.cn/install.sh | bash
See Download & Install.
2. Log in to the Console
Once installed, open:
http://<server-ip>:8088/fox
Log in with the default credentials fox / fox and change the password immediately on the Account page. For production, also enable:
- 2FA two-factor authentication
- Strong passwords with regular rotation
- Restrict admin console access by IP
3. Configure Your First Site
On the Sites page, create a new entry:
- Listen: specify the public port, e.g.
0.0.0.0:443(HTTPS). - SNI / Host: your domain, e.g.
www.example.com. - Upstream: the real backend address, e.g.
http://10.0.0.10:8000; multiple entries with round-robin / weighted balancing are supported. - Certificate: upload a
.crtand a.key— ECDSA / RSA / ShangMi SM2 are supported.
Changes take effect immediately on save (no restart needed).
4. Verify Protection
用一个简单的 XSS payload 验证:
curl -i 'https://example.com/alert(10)'
Normally you should see 403 Forbidden and a matching entry in the Attack Log section of the console.
Next Steps
- Architecture — Learn the 8-layer request pipeline
- Configuration — Multi-site, hot reload, mirror sources
- OpenAPI Reference — PRO 自动化 API 与 Bearer Token 鉴权
- Plugins & Extensions — Inject business-specific security logic